This past week, both JetBrains TeamCity and Atlassian Confluence products have run into more hiccups as their string of vulnerabilities continues.
JetBrains and Atlassian users should pay special attention since vulnerabilities continue cropping up in the same products.
The problem: Two authentication bypass vulnerabilities, CVE-2024-27198 and CVE-2024-27199, allow unauthenticated attackers to exploit JetBrains TeamCity servers.
These are different JetBrains vulnerabilities than the ones mentioned in past recaps.
Potential exploits of the new vulnerabilities can include remote code execution on TeamCity servers.
JetBrains released a detailed blog post explaining the specific timeline of discovering the vulnerabilities, the conflict with Rapid7, and JetBrains' stance on releasing vulnerability information.
Its position is that immediately releasing vulnerability data to the public allows threat actors to exploit the issues before customers have sufficient time to patch them.
Because of these differences, JetBrains decided not to coordinate with Rapid7 in disclosing the vulnerability information.
According to JetBrains' blog post, the new version and the related security patch plug-in both resolve the two authentication bypass vulnerabilities.
Type of vulnerability: Multiple issues, including kernel security bypass vulnerabilities.
If your business doesn't have a good method of quickly finding vulnerabilities, consider investing in a vulnerability scanning product specifically designed for websites, applications, or DevOps use cases.
Type of vulnerability: Use-after-free vulnerability potentially leading to code execution.
The problem: CVE-2024-22252, a use-after-free vulnerability, could allow a threat actor to execute code using admin privileges on a VMware virtual machine.
According to the National Institute of Standards and Technology, the exploitation is contained within the VMX sandbox in ESXi, but in Workstation and Fusion, the vulnerability could lead to code execution on machines where the products are installed.
Type of vulnerability: Carriage return line feed injection attack by an unauthenticated remote attacker.
The problem: Cisco's Secure Client software has a vulnerability, CVE-2024-20337, that allows an attacker to complete a carriage return line feed injection attack.
According to Cisco, after exploiting the Secure Client vulnerability, an attacker could execute arbitrary code or access sensitive data in the browser, like valid SAML tokens.
Type of vulnerability: Potential authentication bypass.
The problem: CVE-2023-22527, a remote code execution vulnerability in outdated versions of Atlassian Confluence Data Center and Confluence Server, is currently being actively exploited.
Atlassian disclosed the vulnerability in January, but threat actors continue to capitalize on the issue: VulnCheck recently published a blog post and noted that the vulnerability has at least 30 unique exploits, as of March 8.
This Cyber News was published on www.esecurityplanet.com. Publication date: Mon, 11 Mar 2024 21:13:07 +0000